1. Technical Field
The present invention relates to a control method of an application program and an apparatus therefor. More particularly, the present invention relates to a control method for controlling a function call from an application program to an operating system and an apparatus therefor.
2. Description of the Prior Art
Recently, there has been an increase in theft of security information by an authorized user, or a person with such access. It is known in the art to require user accounts and associated passwords to control the access of specific users to data. One known prior art control technique is mandatory access control, which limits the authority of access control to an administrator. Even if a process has a right to access an object, the process will only be granted the requested access if the process holds an access right thereto. Examples of known mandatory access control techniques include SELinux, AppArmor, and TOMOYO Linux. The mandatory access control techniques enforce access control to a resource by modifying the kernel of an operating system, using the mechanism of kernel hooks, or modifying an application. Other access control policies monitor API calls and control the behavior of processes based on a previously defined policy. This eliminates the need to modify an application or operating system while ensuring a comprehensive mandatory access control.
Conventional operating systems control operation of an application program based on information set by a system administrator. For example, the operating system inhibits or enables access to a specific file according to the authority of a user who activates the application program. While the above-mentioned prior art technique addresses a specific control policy for a specific process or program, the prior art does not address a control policy on a running process. Security management is dynamic, and access to a process or program may change in an ongoing manner on a running application. Furthermore, it is known in the art for large-scale applications to employ a multiple document interface (MDI) system to simultaneously display multiple documents within the same process. Prior art applications employ a process-by-process mandatory access control policy even where it is natural to apply an access control policy on a document-by-document basis. The prior art applications cannot change a policy even if a document to be edited by a user is changed. The prior art application can only apply one fixed policy to all documents in a single process.
As discussed above, the prior art solutions to implementation and enforcement of control policies are limited to control based on a process. In association with a command line interface, the prior art enforcement of control policies was acceptable. However, in recent years the command line interface has been sidelined by the graphical user interface. Therefore, there is a need for a policy management scheme that is adapted to a graphical user interface environment and applications that operate within a graphical user interface environment.